About Me

Hello, my name is Thomas Cope and for eight years now I have been working as an Cloud Cyber Security Architect at IBM while studying part-time at Oxford University for a Masters Degree in Software and Systems Security. I am a experienced Security Architect and Systems Engineer who creates innovative solutions to complex problems and strive to automate wherever possible. I have strong experience in both Cloud and containerized (docker / kubernetes) platforms while working in DevOps / DevSecOps environments.

I enjoy programming and electronics in my spare time - you can learn more in the “Projects” sections below. I have a keen interest in Security, designing and building secure systems as well as performing pen tests on them. I enjoy “Capture the Flag” events and Security research. I am CISSP Certified as well as a Redhat Linux System Engineer. I use theses skills extensively at work and for the support of this server which is used to hosts both myself and a friend’s projects (Server Status).

In my spare time, I am a STEM Ambassador, an Associational (MBCS) Member of the British Computer Society and a member of the IBM Technical Consultancy Group (TCG). I play games such as TF2, Counter-Strike, Valorant, Minecraft and Badminton, and enjoy Skiing when I get the chance. Feel free to drop me a line either on my Twitter or Linkedin or GitHub or Youtube. Plus I use GPG if you want to send me encrypted Mail (PubKey).

Blog posts

Some of my ramblings:

X Series RAID Card Stuck Boot

The Issue I was able to acquire a second hand IBM System x3650 M4 BD (5466). I wanted to replace the ServeRAID card with a “ServeRAID M1015 LSI 9220-8i 6GB…

(Posted on 28 January 2021 · 2 mins read)

IBM Datapower Exploit CVE-2020-5014

During some personal security research I discovered a SSRF vulnerability in IBM Datapower which could then be upgraded to RCE. The practical upshot of which is with an authenticated session…

(Posted on 21 October 2020 · 3 mins read)

Debugging Valorant

I had quite a few issues getting Riot Games new first person shooter Valorant running on my laptop. This is a brief post to cover some of the techniques I…

(Posted on 17 July 2020 · 6 mins read)

NahamCon CTF (2020)

I took place in NahamCon CTF. It was a two day event but I was only able to make it for the last 1/2 of the last day. I scored…

(Posted on 14 June 2020 · 6 mins read)

Docker setuid & setgid weirdness

During some work on a project I came across some strange behaviour on how docker handles setuid & setgid. In Linux the setuid and setgid C calls are used to…

(Posted on 20 February 2020 · 8 mins read)

Zip Encryption Known Plain Text Attack

In this post I would like to highlight a really old flaw with the encryption used by the zip file format. This is a known text attack based on the…

(Posted on 05 December 2019 · 4 mins read)

Quick and Dirty Reverse Engineering

A while ago I had to work with a particularly frustrating application that was required to connect to a hardware appliance. Both of which will remain unnamed in this post….

(Posted on 15 November 2019 · 5 mins read)

Oxford Foundry CTF (2019)

The Oxford Competitive Computer Society hosted a Capture the Flag event which was great fun, I ranked third on the scoreboard. Below are my favorite challenges with a video of…

(Posted on 09 June 2019 · 1 min read)

Projects

A selection of my favorite projects:

ssh_ws

Homegrown implementation of Google Beyond Corp security system (Zero Trust)

This is a demonstration of a proof of concept I built to tunnel ssh traffic over web-sockets using the same system Google uses (Zero Trust) to secure SSH access. It used JWT, mTLS and OAuth. I build both a client and server application to achieve this.

bad_scp

A Proof of Concept of the Linux command ‘scp’ client side vulnerabilities (CVE-2019-6111 + CVE-2019-6110)

I reversed engineered and created a practical demo of the the CVE-2019-6111 + CVE-2019-6110 vulnerabilities

MSc in Software and Systems Security

Details of my Master Degree, chosen Modules and Dissertation

I attended Oxford University for a MSc in Software and Systems Security. This page details the 3 software and 7 security modules I attended along with a explanation of my dissertation.

Beans

A simple REST API Based Game

A REST API Game where the objective is to have the most beans by the end of the day

bash_bunny - scvtrs

Simple Cross platform Volatile TCP Reverse Shell using a Bash Bunny

Using the Bash Bunny from Hak5 I build payload that can determin the Host OS using p0f and then deliver the required payload

Pastejacking 2

A expansion on the original pastejacking attack using bash tricks

This is a demo of a new pastejacking attack using bash and command link tricks to fool the user into executing malicious code.

Arduino Minecraft Monitor

A helpful Arduino Library for polling Minecraft Servers

A custom made Arduino library to query a Minecraft server using the bespoke UDP query API.

Arduino Door Lock

Fingerprint and Android Style Pattern Lock

A Arduino door lock using a Fingerprint scanner and a 7 inch touch screen.

Golang Screen Saver

A snake style terminal screen saver written in Golang

A really simple terminal screen saver written in Golang using the tput library.

OpenCV Recorder

A simple but customizable WebCAM recorder using openCV.

A companion application to the TSTP, that allows for openCV videos to be saved and then played back.

Arduino Iron Key

A Arduino based portable secure memory stick.

I recreated the functionality of a hardware encrypted memory stick (such as ‘IronKey’ or ‘Datashur’) using the Arduino micro-controller and a SD card shield.

TSTP

Toms Sentry Tracking Program

This is the 3rd incarnation on my Sentry Tracking program. Using opencv and C++, this project dynamically scans a webcam or video feed and tracks one or more targets

TVBG

Toms Very Basic Game

One of the largest program I’ve written. A simple space shooter written in C++ using OpenGL and a custom made game engine.

TVTS

Toms Vehicle Tracking System (Arduino GPS)

A Arduino based GPS and GRSM Tracking System using a custom built library for the Maplin GSMShield. The Arduino acquires a GPS lock, reads the value and sends the data encrypted via UDP to a collection server.

CCB

Conference Call Bingo

A fun game to play while on a Conference Call.

Datapower XML to JSON

Gateway script to convert XML to JSON

A Really simple gateway script to be used on a IBM Datapower to convert XML to JSON using built in Datapower functions.

Languages

I primary write GO / Golang day to day and shell scripting. I have experience with the below languages:

Programming Languages

Markup Languages

Skills

Tools / Software:

IBM Specific:

Operating Systems:

Clouds

Qualifications

Certifications

Awards

Contact

Click here to decode